As I like to say, “IBM i runs the world.” The major industries such as Financials, Manufacturing, Distribution, Trucking, Healthcare, and Insurance all run their core business functions on IBM i. They do this because it is the most reliable, available, and secure platform. If all the IBM i data disappeared, I’m not sure what would happen. I know it wouldn’t be good.
#1 Data Protection
Data is your company’s most critical asset, and protecting your data should be on the top of your list. Ransomware attacks continue to rise worldwide, making data protection the most crucial area companies should focus on today. Companies spend lots of money to ensure their IBM i systems are reliable and available, but sometimes they neglect the security because they believe it’s secure out of the box. A false sense of security has been the cause of successful ransomware attacks on IBM i.
Compromised credentials continue to be a leading cause of data breaches, followed by misconfigured software settings and third-party software vulnerabilities. When Steve Pitcher does a penetration test, he looks for users with default passwords. That is often the foot in the door he needs to be able to exploit the vulnerability of a system. If compromised credentials are part of the problem, then this is where we need a solution.
What is Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) can help prevent bad actors from accessing your sensitive data even if they can compromise the credentials of one of your IBM i users. MFA isn’t a new concept. We’ve all logged into an application and have had to enter a code we receive in our email or cell phones. In some cases, you may even have a physical token you need to use to access data. While we see companies have adopted MFA for some of their environments, many have not implemented it on IBM i.
The basic premise of MFA is that you sign on with something you know, have, or are. Your password and user ID is typically the thing you know. It’s also the easiest thing for someone else to know. Something you have is typically your email or your phone. The assumption is that someone else doesn’t have access to your password, email, or phone. Something you are refers to biometrics, such as your fingerprint or facial recognition. This added layer of protection is meant to stop someone who shouldn’t have access to your data from getting it.
MFA provides an added layer of protection around your data. MFA for IBM i can help you protect your data from unauthorized access by requiring users to use multiple forms of authentication before they can log in to the system. You can also use exit points to require someone to reauthenticate when trying to access a sensitive file or use a sensitive command.
#2 Compliance and Cyber Security Insurance Requirements
Speaking of accessing sensitive files or commands leads directly to compliance. Compliance isn’t new; there are more requirements than ever before. Auditors like to have audit trails of who did something and what they did. MFA applications help to automate access to sensitive files and commands while providing an audit trail for reporting. MFA applications can integrate with SIEM for real-time alerts and reporting of authentication failures.
With the onslaught of ransomware attacks, companies are turning to Cyber Security Insurance to help protect their business following a breach. The cost of a ransomware attack is astronomical, and the insurance companies require customers to implement multiple layers of security, including MFA, to qualify or receive better rates.
#3 IBM i MFA integrates with RADIUS or RSA
You might be thinking that you don’t want to have to implement another authenticator in your environment. If you’re already using MFA for your network or other platforms, you can integrate your existing RADIUS or RSA SecureID authenticators with your IBM i MFA.
If you aren’t already using MFA internally, and don’t want to invest in RADIUS or RSA, then you can use the built-in authenticator. The built-in solution delivers tokens via email or pop-up windows. The third-party solutions have more robust features such as physical tokens and support for biometrics. If you are cost conscious, getting started with the built-in authenticator is an excellent option.
#4 Automate Password Resets
MFA software can also help automate password resets, which can be time-consuming for administrators to do manually. With the ability to have pre-defined security questions or single-use tokens, password reset for users can be automated.
MFA provides companies with an added layer of data protection, helps them to meet compliance or cyber security insurance requirements, easily integrates with existing RADIUS or RSA authenticators, and helps automate time-consuming tasks. iTech has the experience, knowledge, and know-how to help you implement MFA and protect your company from being the next victim of a ransomware attack
More from this month:
- SMB Version Support for IBM i NetServer
- Are YOU Staying Current?
- Do You Want It All In Life? You Probably Already Do
- iTech iTip Videos
- Webinar Replay: The Value of Staying Current
- Sips & Tricks: Coffee with iTech
- iBasics: IBM i Education for the Beginner System Administrator
- Let iTech Take You Out to the Ballgame ⚾
- Power Hour Podcast: The Value of Staying Current (NEW!)
- Upcoming Events
- iTech Spotlight
- IBM i, FSP, and HMC release levels and PTFs (July 2022)